Closes: #16797
Changes:
- Updated `build-static-content` to throw an error if an extensionless
Markdown link containing a hash link is found.
- Fixed two broken relative links in the contributing documentation
Python >= 3.12 no longer ships with the `distutils` module out of the
box. It can be installed using `pip install setuptools`.
This may be fixed when updating node packages that rely on python, but
until then it may come up during `make deps`.
Reference: https://stackoverflow.com/a/76691103
Moving mdm_profiles to it-and-security/lib/mdm_profiles so that they are
together with other gitops config files.
---------
Co-authored-by: Noah Talerman <noahtal@umich.edu>
+ Changed a bunch of instances of "member" to "user" to match the
updated UI (https://github.com/fleetdm/fleet/issues/15893)
+ Cut some step-by-step instructions for using the team UI from the
"Segment hosts" docs
+ Add some missing "_Available in Fleet Premium_." flags to `team_id`
parameter descriptions for API endpoints available in Fleet Free.
+ Remove one duplicate instance of `team_id`
- Remove example YAML file from docs to deduplicate
- Update "Prepare a new version of Fleet" handbook instructions to point
to the best practice YAML
- Add README to point to docs
- Move tools for deploying Fleet on Kubernetes to `Deploy/` folder.
- Add @dherder as CODEOWNER so that Dave gets pinged every time a
contributor wants to make a change to the Kubernetes
---------
Co-authored-by: Dave Herder <27025660+dherder@users.noreply.github.com>
Co-authored-by: Luke Heath <luke@fleetdm.com>
updated URL for orbit docs. The previous location forwarded to
https://fleetdm.com/docs/using-fleet/enroll-hosts and did not give info
about Orbit.
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
Removing entry. 1) failed to build again. Now that this is "device
health" this query probably doesn't really fit with the rest of the list
anyway. Sorry for all the approvals...
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
When attempting to follow the kubernetes install directions I
encountered a few issues.
1. The image version was no longer hosted on dockerhub. And new versions
now are tagged with a "v" prefix.
2. The webserver was not able to bind to port 443 on a managed version
of k8s.
3. The dns name(s) for the latest redis helm chart have changed. They
are now `{release}-master` for read-write and `{release}-replica` for
read only nodes.
4. The deployment API is out of date.
This PR fixes those issues.
- Cut down on user facing doc content so first time Fleet users can find
the right information. This could be moved into an "Advanced" section in
the future.
Docs for the "Windows OS updates" (#11951) user story
- Update "macOS updates" doc page to cross-platform "OS updates" page
- Update pricing page
- Update copy in the UI to clarify behavior of Windows updates
---------
Co-authored-by: Eric <eashaw@sailsjs.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
Part of #9949
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Documented any permissions changes (docs/Using
Fleet/manage-access.md)
Changes:
- Updated two (broken) relative links on the "macOS updates"
documentation page to point to the documentation page on fleetdm.com
- Added a redirect to fix broken links to the product design handbook
page (/handbook/product » /handbook/product-design)
Addresses the following subtask: #16073
Fleet is investing in more automated testing for MDM features.
Update the table to reflect the versions that Fleet is running tests
against:
- macOS 13 and 14
- Windows 10 and 11
- Ubuntu Linux 20+
To support `fleetctl gitops`, gitops role can now read policies/queries
and write scripts.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Documented any permissions changes (docs/Using
Fleet/manage-access.md)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
Closes: #16451
Changes:
- Updated the "spin up for yourself" link in the FAQ to go to the
deploying docs.
- Updated the custom idp integration card link to go to the IDP
configuration section of the SSO docs page.
- Update "Custom macOS settings" page to cross-platform "Custom OS
settings" page
- Match format w/ "Disk encryption" and "OS updates" pages
- Cut content and make the docs more of reference
- Link to best practice GitOps
- Update pricing page
- Add redirects
It is very easy for data collection like this to veer into double /
triple negative mulitverse of madness stuff...
That said, I may have a lack of understanding about how the product
works, i.e., that a query literally must return a 0 value & not null in
order to "pass" in a policy. If so, then this works as expected.
However, if a query just needs to return empty (null) & 0 is implied in
the logic that sets a policy flag to green or red, then, as a rule,
queries like this should be always be simplified & should default to
using "positive" as opposed to "negative" logic, i.e., check if
something exists, never check if a thing does NOT exist.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests: Tested by adding dummy Emergency Kit.pdf
files to Desktop & Downloads, running query, then, removing files &
running query.
API changes for the "Upcoming activities: Run scripts on online/offline
hosts" (#15529) story
Changes:
- Script endpoints are available in Fleet Free and Fleet Premium
- Update `POST /scripts/run` to add a script to the bottom of the
upcoming activities
- Update `POST /scripts/run/sync`
- Add `GET /hosts/:id/activities` to show past activity feed
- Add `GET /hosts/:id/activities/upcoming` to show upcoming activity
feed
- Move docs for `GET /hosts/:id/scripts` to a new "Get host's scripts
section" under "Hosts"
API changes for the following story:
- #14674
- Both `GET /software` and [`GET
/software/versions`](https://github.com/fleetdm/fleet/pull/14831/files#diff-7246bc304b15c8865ed8eaa205e9c244d0a0314e4bae60cf553dc06147c38b64R7035)
will work the same. We're just documenting `GET /software/versions`
- Both `GET /software/{id}` and `GET /software/versions/{id}` will work
the same. We're just documenting `GET /software/versions/{id}`
- `count` added in both `GET /software/versions` and `GET
/software/titles`. `GET / software/count` still available (but removed
from docs).
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Sarah Gillespie <73313222+gillespi314@users.noreply.github.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
API changes for the Windows configuration profiles story:
- #13281
It's **ready for review**, but marked as a draft because of KPI (PR open
time)
- DONE: Remove activity types changes before merging (those will be
automatically generated)
#### `profile_id` and `profile_uuid` changes specified in following
ticket:
- #15274
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
- Pull info about duration-based settings to the top to make it clear.
For this bug: #15926
- Add info about self-managed v. managed-cloud customers
- Cut content
Closes: https://github.com/fleetdm/confidential/issues/4665
Changes:
- Added a new documentation page that provides instructions for
downgrading from Fleet premium. The content for this section was pulled
from a [commented-out FAQ
question](1d2f5ae42a/docs/Get%20started/FAQ.md (L363-L394)).
---------
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
> Relevant issue: #15625
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
> Relevant issue: #14500
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
previous: ...one ticket is created per CVE regardless of the number of
hosts on which such CVE is detected.
Hope that meaning is the same? If so, what is there is a little clunky.
Not meaning to be pedantic just trying to make the flow a bit more
natural. :)
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any permissions changes (docs/Using
Fleet/manage-access.md)
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
#14879
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [x] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [x] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
📺 Loom:
https://www.loom.com/share/9e17848963574af3aa10d426b450bcd0?sid=f8078293-c7e1-4864-a8a3-4cec996971f5#15476#15540#15542
After upgrading fleetd, customer-blanco saw a spike in traffic and a
spike in DB connections. These fixes attempt to reduce the traffic and
DB load when fleetd is upgraded.
On the server, added fleet/device/{token}/ping endpoint to be used by
agents to check their token.
On the agent:
- Removed call to fleet/orbit/device_token unless token needs to be
updated.
- Changed call to fleet/device/{token}/desktop with a less resource
intensive call to fleet/device/{token}/ping
- Removed call to fleet/orbit/ping
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [x] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [x] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
- Associated w/ this story: #15600
- Update docs now that disk encryption enforcement is cross platform
(Windows story here: #12577)
- Remove section about resetting a password w/ disk encryption key to
reduce doc content. Remove this link from the UI
Makes parameter formatting in documented REST API paths consistent.
Previously, we were using a mix of `/foo/:parameter/bar` and
`/foo/{parameter}/bar`. This updates all URLs to use `:` instead of
`{…}`.
Also, opportunistically fixed some other inconsistent formatting I
noticed in a couple places.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any permissions changes (docs/Using
Fleet/manage-access.md)
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
- Simplify usage instructions to make it more like a reference
- Move "Run script asynchronously" to contributor docs so that user
facing API docs have one best practice API endpoint for scripts. Call
synchronous endpoint "Run script"
- Remove section about plain osquery and launcher. Using fleetd is best
practice and we want all new Fleet users to follow this best practice.
If they can't we want to learn why.
- Replace "Fleetd configuration options" section with a tip. Easier to
maintain as we add/update flags.
Closes: #15255
Changes:
- Added the usage statistics added in
https://github.com/fleetdm/fleet/pull/14216 to the inputs of the
`receive-usage-analytics` webhook.
- Updated the `receive-usage-analytics` webhook to send the new usage
statistics to Datadog.
- Added attributes for the new usage statistics to the
`HistoricalUsageSnapshot` model.
- Removed the `columnName` from the `hostsStatusWebHookEnabled`
attribute of the `HistoricalUsageSnapshot` model, the name of this
column will be changed in the database when the new columns are added to
the databse table.
- Updated the usage statistics documentation to have the new statistics.
This PR requires database migrations. When this is approved and ready to
merge, we will need to:
- [ ] Merge this PR
- [ ] Put fleetdm.com into maintenance mode while the "Deploy Fleet
website" GH action runs.
- [ ] Add the new columns to the database table
- [ ] Change the name of the `hostStatusWebhookEnabled` column to
`hostsStatusWebHookEnabled`
- [ ] Set the default values for the new columns on the existing
records.
- [ ] When the website has finished redeploying, take it out of
maintenance mode.
Removed Orbit from top header list and the Components diagram. There is
a lot of additional Orbit content throughout this doc that needs to be
purged over time, especially when fleetctl commands are changed as the
Orbit object is eliminated.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/REST API/rest-api.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes (docs/Using
Fleet/manage-access.md)
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
- Add Isabell to team table
- reorder contact-us in leadership page
- Standardize "Contact us" on all departmental pages
- Convert all responsibilities to imperative mood verb phrase
- Untangle and deduplicate Engineering <> Product groups <> Product
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
#14888
@getvictor This is ready for review, but keeping as draft as there are
probably many tests that need amending.
I used the new version of the `./tools/nvd/nvdvuln/nvdvuln.go` to
compare the current vulnerabilities found in our dogfood environment
with the vulnerabilities found by the code in this PR and both results
match:
```
go run -race -tags fts5 ./tools/nvd/nvdvuln/nvdvuln.go --debug --db_dir ./local --software_from_url <dogfood URL> --software_from_api_token <API_TOKEN> --sync 2>&1 | tee out.txt
[...]
CVEs found and expected matched!
```
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Added/updated tests
- [X] Manual QA for all new/changed functionality
---------
Co-authored-by: Victor Lyuboslavsky <victor@fleetdm.com>
Co-authored-by: Victor Lyuboslavsky <victor.lyuboslavsky@gmail.com>
Closes: #11812
Changes:
- Renamed the `hostStatusWebhookEnabled` attribute of the
`HistoricalUsageSnapshot` model to `hostsStatusWebHookEnabled` and
updated the definition to use the existing database column name.
- Updated the inputs of the `receive-usage-analytics` webhook to accept
a `hostsStatusWebHookEnabled` input.
- Updated the usage statistics documentation to have the [correct
variable
name](36e12d02e3/server/fleet/statistics.go (L21)).
Summary:
- Enroll hosts page refinement
- Since page was too long and had a lot of content I did following:
- Moved most important sections to the top
- Did some changes to make things more consistent, when possible having
UI and CLI sections with steps (ordered list)
- Moved `Add hosts with plain osquery` to contributor docs, since I
learned this approach is used just by couple of Fleet customers, and we
don't advise this as best practice anymore
- Added overview (table of contents) on the top to make easier to
navigate through the page
- Moved some technical (advanced) topics into separate section on the
bottom of the page
---------
Co-authored-by: Noah Talerman <noahtal@umich.edu>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Documented any API changes (docs/REST API/rest-api.md or
docs/Contributing/API-for-contributors.md)
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
for #14361 this adds the bits related to saving a slice of strings with
paths to configuration profiles.
---------
Co-authored-by: Martin Angers <martin.n.angers@gmail.com>
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Added a guide for which API endpoints to expose and fixed an associated
broken link. See https://github.com/fleetdm/fleet/issues/15115 for
context.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Manual QA for all new/changed functionality
Changes:
- Added a pageOrderInSection meta tag to the high level architecture
page in the contributing docs. The missing meta tag is currently
preventing the Fleet website from deploying and causing the website
tests to fail.
Closes: #14812
Changes:
- Added a "critical" tag to critical policies in the standard query
library.
- Updated the macOS version used in the "Operating system up to date
(macOS)" policy.
- Updated the name of a policy to be in sentence case ("MDM Enrolled
(macOS)" » "MDM enrolled (macOS)")
- Updated the build-static-content script to add a `critical` attribute
to queries that have the "critical" tag.
- Updated the /queries page to add a "critical" badge to queries that
have the critical attribute.
It's a bit unclear from the permissions docs _how_ observers are able to
view all queries & their reports, leading to bug reports like
[this](https://github.com/fleetdm/fleet/issues/15009).
I think the intended behavior is that observers can view all queries and
their reports **via the API** but not in the UI or fleetctl. Updated
notes to clarify. (Let me know if my interpretation is incorrect!)
Changes:
- added backticks to a parameter description ("`"differential", or
"differential_ignore_removals"`" » "`"differential"`, or
`"differential_ignore_removals"`")...
If some of the following don't apply, delete the relevant line.
...
---------
Co-authored-by: Sampfluger88 <108141731+Sampfluger88@users.noreply.github.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
I've updated the ATC example that uses TCC.db to be cross-compatible
with as many MacOS versions as possible. This is still useful as-is.
I've also added a chunk for folks to copy/paste directly into their team
settings in the UI for those not using GitOps.
Hopefully others find this helpful!
...
---------
Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>
@ksatter I haven't included an example of the audit logs because we
already have it elsewhere in the docs, so have just linked.
Reference: #13646 & #13648
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Changes:
- Added "Why Fleet" section to incorporate Fleet's point of view.
- Updated the "What's it for" section
- Lit up some useful links
- Updated some out-of-date links
.
API changes for the Windows MDM command story: #13069
Changes:
- Add cross platform endpoints used for macOS and Windows MDM commands
- Deprecate `/apple` endpoints.
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Closes https://github.com/fleetdm/fleet/issues/14814
Changes:
- moved the FAQs from the pricing page to the FAQs in the docs. The
theory is that these questions are a long way down the page and likely
being missed.
- Added five more questions and answers to the FAQ from questions that
come up during customer calls.
- Commented out existing questions. Some are out of date, and some have
been dumped into the FAQ for lack of a better place to put them. We will
continue to add to this list with stronger content from talking with
users and customers.
- added a link to the FAQ on the pricing page.
Moved "List queries" to the top, to match the order of other sections of
the API. (We usually start with the endpoint to get a list of things,
_then_ the endpoint to get one thing by ID.)
#13998
Cleaned up REST API input validation for hosts, carves, users endpoints.
rest-api.md changes explained:
https://www.loom.com/share/9cd82653bacb4528bdaac117ec85a976
For the following endpoints:
/api/v1/fleet/hosts
/api/v1/fleet/hosts/count
/api/v1/fleet/hosts/report
- converted validation errors from 500 to 400 HTTP status code
- added validation that policy_id must be present when policy_response
is specified
- added validation that policy_response must be `passing` or `failing`
- added validation that `os_name` must be specified with `os_version`
For the following endpoint:
/api/v1/fleet/users
- converted team_id validation error from 500 to 400 HTTP status code
For the following endpoint:
/api/v1/fleet/carves
- added rest-api.md documentation for `page`, `per_page`, `order_key`,
`order_direction`, and `expired`
- converted `expired` validation error from 500 to 400 HTTP status code
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
#13615
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)~
- ~[ ] Documented any permissions changes (docs/Using
Fleet/manage-access.md)~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
- ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes (docs/Using
Fleet/manage-access.md)
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
Addresses: https://github.com/fleetdm/confidential/issues/3914
- Consolidate changes from #13943, #14184, and #14249 into article
- Remove "Window setup" doc page.
TODO: @spokanemac to add an image for the article and appropriate meta
tags so that the article shows up on fleetdm.com/guides
---------
Co-authored-by: spokanemac <jack@jdstrong.com>
Co-authored-by: JD <spokanemac@users.noreply.github.com>
Co-authored-by: Eric <eashaw@sailsjs.com>
Move content into a blockquote (since h3s on this page are reserved for
API endpoints), and point users toward how to get errors for a
particular query via the REST API.
Closes: https://github.com/fleetdm/confidential/issues/4015
Changes:
- Changed the url for `/fleetctl-preview` to
`/try-fleet/fleetctl-preview`
- Updated the controller for the `/fleetctl-preview` page to redirect
non-logged-in users to `/try-fleet/login`
- Removed the route for `/try-fleet/sandbox-expired`, and added a
redirect going to `/try-fleet/fleetctl-preview`.
- Updated the controller for `/try-fleet/sandbox` to redirect the users
without a non-expired Sandbox instance to `/try-fleet/fleetctl-preview`.
- Updated `signup.js` to not provision Fleet sandbox instances for
users.
- Updated the `User` model to support a third `signupReason`: "Try
Fleet"
- Updated `/try-fleet/register` to submit "Try Fleet" as a
`signupReason` when users sign up.
- Renamed the files for the `/fleetctl-preview` page (`get-started` »
`fleetctl-preview`)
- Updated/removed Fleet Sandbox related handbook sections.
- Replaced the "Fleet vs Fleet Sandbox" section in the deploying
documentation with a note about `fleetctl preview`.
- Updated links to Fleet Sandbox in articles.
---------
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
I was in this file and got sucked into fixing up a bunch of typos and
grammar issues. (I just had to clear all the Grammarly red marks 😵💫)
- Added missing punctuation
- Removed unnecessary punctuation
- Fixed some typos
- Hypenated some compound adjectives
- Removed some unnecessary hyphens
.
Draft PR to show API changes for #7766#13469
---------
Co-authored-by: Lucas Rodriguez <lucas@fleetdm.com>
Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>
Fixing typos - replacing capital case with lower case.
Removed all the checklist because it doesn't apply to changes in the
documentation....
...
...
Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>
Co-authored-by: Sampfluger88 <108141731+Sampfluger88@users.noreply.github.com>
I added a link to the license dispenser in the "Can you host Fleet for
me?" section.
# Checklist for submitter
- [x] Manual QA for all new/changed functionality
Fixed markdown syntax for links in a couple places where it was
formatted incorrectly (`(…)[…]` instead of `[…](…)`)
(Fixed one earlier and just searched the docs folder for `)[` to find
these; hopefully this PR nabs the rest.)
- Update configuration docs to clarify this and what the workaround is
if changing the cert/key is necessary (due to compromise)
- Remove words from macOS setup docs
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes (docs/Using
Fleet/manage-access.md)
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes (docs/Using
Fleet/manage-access.md)
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
This change is to reduce surface area of the conceptual docs. We already
point users toward how to identify the policies that need a Group Policy
template:
> These items are tagged with the label
`CIS_group_policy_template_required` in the YAML file, and details about
the required Group Policy templates can be found in each item's
`resolution`.
Keeping a duplicate list here is just more surface area to maintain, aka
more content that's likely to get out-of date. (And since it's in a code
block anyway, it's not any easier to read here than by just referencing
the YAML file directly, so the user experience won't suffer from us
removing it.)
- Add new "Windows setup" page to "Device Management" section of docs
- Rename "MDM setup" page to "macOS setup." Update links and add redirect
- Rename existing "macOS setup" page to "macOS setup experience." Update links. Did not add redirect because of conflict with "macOS setup" page
- Remove "MDM" from all MDM doc page titles
Link for Fleet's example ADE profile incorrectly points to a profile
called `setup_assistant.json`. The correct profile is
`automatic_enrollment.json`. Link is corrected in the PR.
Added additional information about what differentiates the Contributor
API routes from the public API routes.
# Checklist for submitter
Docs-only change
Closes: #12836
Changes:
- Updated the `build-static-content` script to not add HTML comments to
Markdown codeblocks, and to not replace HTML comments in generated HTML
pages
- Updated the custom codeblock renderer in the `to-html` helper to add
syntax highlighting classes to Markdown codeblocks.
- Updated the indentation of content in lists on the MDM macOS setup
docs page.
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>
Purpose of this change:
- Right now we don't have a guide for deploying on Azure. We want to
prompt people to ask for it by linking them to the Slack. That is a way
that we can kick off the process of writing a formal document.
Closes: #13691
Changes:
- Added keywords for syntax highlighting to code blocks in documentation
Markdown files.
---------
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Migrated remaining docs pages as part of the July 31st docs re-org
project. (See https://github.com/fleetdm/fleet/issues/13684)
Changes:
- Removed "Commands" section from fleet-server-configuration.md
- Moved systemd, using a proxy, SSO, and public IP content to the
"Deploy" docs and added stubs in the original file to preserve
bookmarked links.
- Changed the headings of the original stubs in the point above to be
wrapped in an HTML H2 tag to hide them from the "On this page
navigation."
- Updated left side-bar styling to match wireframes.
# Checklist for submitter
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
Added documentation for experimental Orbit feature to silence errors
related to enrollment for #13071
# Checklist for submitter
Docs-only change
---------
Co-authored-by: Luke Heath <luke@fleetdm.com>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
For #13715, this:
- Upgrades the Go version to `1.21.1`, infrastructure changes are
addressed separately at https://github.com/fleetdm/fleet/pull/13878
- Upgrades the linter version, as the current version doesn't work well
after the Go upgrade
- Fixes new linting errors (we now get errors for memory aliasing in
loops! 🎉 )
After this is merged people will need to:
1. Update their Go version. I use `gvm` and I did it like:
```
$ gvm install go1.21.1
$ gvm use go1.21.1 --default
```
2. Update the local version of `golangci-lint`:
```
$ go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.54.2
```
3. (optional) depending on your setup, you might need to re-install some
packages, for example:
```
# goimports to automatically import libraries
$ go install golang.org/x/tools/cmd/goimports@latest
# gopls for the language server
$ go install golang.org/x/tools/gopls@latest
# etc...
```
Migrated the "Deploy Fleet on Render" guide to the docs.
- Moved content from `/articles/deploying-fleet-on-render.md` to
`/docs/deploy-on-render.md`
- Removed `/articles/deploy-fleet-on-render.md`
- moved images from the guide to `/docs/images` and renamed
- deleted redundant article cover image
- set up redirect in `routes.js` `/deploy/deploying-fleet-on-render` =>
`/docs/deploy/deploy-on-render`
# Checklist for submitter
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Eric <eashaw@sailsjs.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
This is the last of three PRs to migrate the deployment guides into the
docs.
Changes:
- Moved content from `/articles/deploying-fleet-on-hetzner-cloud.md` to
`/docs/deploy-on-hetzner-cloud.md`.
- Removed `/articles/deploy-fleet-on-hetzner-cloud.md`.
- Moved images from the guide to `/docs/images` and renamed.
- Deleted redundant images and article cover image.
- Set up a redirect `/deploy/deploying-fleet-on-hetzner-cloud` =>
`/docs/deploy/deploy-on-hetzner-cloud`.
- Set up a redirect `/deploy` => `/docs/deploy` to redirect "Deployment
guides" in the main nav to the docs.
- Updated display names (in the docs nav) for existing deployment guides
in the docs to match the naming convention (E.g., "Deploy Fleet on
CentOS" => "CentOS")
- Removed the deployment guides article category from the blog.
# Checklist for submitter
- [ ] Manual QA for all new/changed functionality
---------
Co-authored-by: Eric <eashaw@sailsjs.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
Migrated the "Deploy Fleet on AWS with Terraform" guide to the docs.
- Moved content from
`/articles/deploying-fleet-on-aws-with-terraform.md` to
`/docs/deploy-on-aws.md`.
- Removed `/articles/deploy-fleet-on-aws-with-terraform.md`.
- Moved images from the guide to `/docs/images` and renamed.
- Deleted redundant image and article cover image.
- Set up a redirect in `routes.js`
`/deploy/deploying-fleet-on-aws-with-terraform` =>
`/docs/deploy/deploy-on-aws`.
# Checklist for submitter
- [ ] Manual QA for all new/changed functionality
---------
Co-authored-by: Eric <eashaw@sailsjs.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes (docs/Using
Fleet/manage-access.md)
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
Added note to clairify the default policy time intervals for the Fleet
product, and help end-users configure a more personalized experience
with Fleet.
@Sampfluger88 @mikermcneil
Updated table rows related to MDM commands permission. Right now there
are just calling out macOS hosts and we're implementing MDM commands for
Windows. Additionally, there was a duplicate row in the table which I
removed.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
Related to #12627
Changes:
- Removed the `docs/deploy/server-installation` page and moved the
content into three deployment guides.
- Updated links to the server installation page
- Renamed the Cloud.gov page ("Cloud.gov" » "Deploy Fleet on Cloud.gov")
- Add instructions for setting up end user migration workflow
- Break out a separate section to default migration workflow for
automatically enrolled (DEP hosts)
- Break out separate end user instructions for manually enrolled hosts,
automatically enrolled hosts - default migration workflow, and
automatically enrolled hosts - end user migration workflow.
Closes: #12611
Changes:
- Added three new documentation sections `/docs/get-started/`,
`/docs/configuration` and `/docs/rest api/`
- Updated folder names: `/docs/Using-Fleet/` » `/docs/Using Fleet` and
`/docs/deploying` » `/docs/deploy/`
- Moved `/docs/using-fleet/process-events.md` to `/articles` and updated
the meta tags to change it into a guide.
- Added support for a new meta tag: `navSection`. This meta tag is used
to organize pages in the sidebar navigation on fleetdm.com/docs
- Moved `docs/using-fleet/application-security.md` and
`docs/using-fleet/security-audits.md` to the security handbook.
- Moved `docs/deploying/load-testing.md` and
`docs/deploying/debugging.md` to the engineering handbook.
- Moved the following files/folders:
- `docs/using-fleet/configuration-files/` »
`docs/configuration/configuration-files/`
- `docs/deploying/configuration.md` »
`docs/configuration/fleet-server-configuration.md`
- `docs/using-fleet/rest-api.md` » `docs/rest-api/rest-api.md`
- `docs/using-fleet/monitoring-fleet.md` » `docs/deploy/rest-api.md`
- Updated filenames:
- `docs/using-fleet/permissions.md` »
`docs/using-fleet/manage-access.md`
- `docs/using-fleet/adding-hosts.md` »
`docs/using-fleet/enroll-hosts.md`
- `docs/using-fleet/teams.md` » `docs/using-fleet/segment-hosts.md`
- `docs/using-fleet/fleet-ctl-agent-updates.md` »
`docs/using-fleet/update-agents.md`
- `docs/using-fleet/chromeos.md` »
`docs/using-fleet/enroll-chromebooks.md`
- Updated the generated markdown in `server/fleet/gen_activity_doc.go`
and `server/service/osquery_utils/gen_queries_doc.go`
- Updated the navigation sidebar and mobile dropdown links on docs pages
to group pages by their `navSection` meta tag.
- Updated fleetdm.com/docs not to show pages in the `docs/contributing/`
folder in the sidebar navigation
- Added redirects for docs pages that have moved.
.
---------
Co-authored-by: Mike Thomas <mthomas@fleetdm.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
Changes:
- Replaced Orbit with Fleetd throughout Fleet's documentation
- Changed the name of three pages: `orbit.md` » `fleetd.md`,
`orbit-development-and-release-strategy.md` »
`fleetd-development-and-release-strategy.md`, and
`Run-Locally-Built-Orbit.md` » `Run-Locally-Built-Fleetd.md`
- Updated links to pages with changed names.
- Added redirects for pages with changed names
---------
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
Install instructions for vagrant.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
Co-authored-by: Eric <eashaw@sailsjs.com>
closes: #12422
Changes:
- Updated the positioning in the Fleet documentation readme
- Updated the example `<call-to-action>` component in the article
formatting guide.
Added statement around support for RSRs under the "known issues" section
of macos updates.
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Unless I'm mistaking this for something I'm not aware of, this message
about MDM features not being available is out of date and needs to be
removed.
I also updated the sentence on line 293 for readability while I was in
the file.
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
The changes in this diff really need to be applied throughout the reset
of the doc, I only went down from lines 1-24.
Other things noticed (for now in this PR or to file as separate issues
to add to a sprint, up to @rachaelshaw):
- link to /orbit should be renamed, with redirect added in routes.js for
backwards compat.
- Fleet uses consistent capitalization everywhere, including article
titles.
- documentation and handbook markdown filenames should be kebab-cased
(lowercase with no spaces)
> Context: Here's how I ended up noticing this:
https://osquery.slack.com/archives/C01DXJL16D8/p1686708452290589?thread_ts=1686645495.586929&cid=C01DXJL16D8
---------
Co-authored-by: Sharon Katz <121527325+sharon-fdm@users.noreply.github.com>
Co-authored-by: Sampfluger88 <108141731+Sampfluger88@users.noreply.github.com>
This PR requires the Windows MDM configuration changes - This will be
updated next week
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [x] Documented any permissions changes
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
Fixes a couple spots where "<organization>" wasn't displaying
because it was treated as a custom HTML element (and also fixes a
front-end error from Vue)
#11266
PS: I first attempted a serialization trick by introducing a new
`appConfigResponse` and implementing `json.Marshal` to exclude these
fields but it was too hacky and hard to maintain moving forward, so I'm
bitting the bullet now. Happy to hear other ideas.
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)~
- ~[ ] Documented any permissions changes~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
- ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
- Add section for viewing recent MDM commands using fleetctl get mdm-commands
- Add example output for fleetctl get mdm-commands and fleetctl get mdm-command-results
Changes:
- Updated the build-static-content script to throw an error if a
Markdown file contains a vue template (e.g., `{{ foo }}`)
- Updated an example in the "Using Fleet" FAQ to use single curly
brackets (`{{host}} ` » `{host}`)
Context: https://github.com/fleetdm/fleet/pull/12088
This guide are the lessons learned during the troubleshooting for
#10957.
It attempts to reduce pain for future oncall issues with live queries.
PS: AFAICS, this should close
https://github.com/fleetdm/fleet/issues/6141.
#10784
The removal of the now deprecated `sso_settings.enable_jit_role_sync`
config will be tackled in: #10688.
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)~
- ~[ ] Documented any permissions changes~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
- ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
#10878
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)~
- ~[ ] Documented any permissions changes~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
- ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
Closes#11640
Changes:
- Removed the whitespace in between the permission role names and the
asterisk that was causing the table header to have a linebreak in the
permission roles table.
This was found while working on #10957.
When running a live query, a lot of unused host data is stored in Redis
and sent on every live query result message via websockets. The frontend
and fleetctl just need `id`, `hostname` and `display_name`. (This
becomes worse every time we add new fields to the `Host` struct.)
Sample of one websocket message result when running `SELECT * from
osquery_info;`:
size in `main`: 2234 bytes
```
a["{\"type\":\"result\",\"data\":{\"distributed_query_execution_id\":57,\"host\":
{\"created_at\":\"2023-05-22T12:14:11Z\",\"updated_at\":\"2023-05-23T12:31:51Z\",
\"software_updated_at\":\"0001-01-01T00:00:00Z\",\"id\":106,\"detail_updated_at\":\"2023-05-23T11:50:04Z\",
\"label_updated_at\":\"2023-05-23T11:50:04Z\",\"policy_updated_at\":\"1970-01-02T00:00:00Z\",
\"last_enrolled_at\":\"2023-05-22T12:14:12Z\",
\"seen_time\":\"2023-05-23T09:52:23.876311-03:00\",\"refetch_requested\":false,
\"hostname\":\"lucass-macbook-pro.local\",\"uuid\":\"BD4DFA10-E334-41D9-8136-D2163A8FE588\",\"platform\":\"darwin\",\"osquery_version\":\"5.8.2\",\"os_version\":\"macOS 13.3.1\",\"build\":\"22E261\",\"platform_like\":\"darwin\",\"code_name\":\"\",
\"uptime\":91125000000000,\"memory\":34359738368,\"cpu_type\":\"x86_64h\",\"cpu_subtype\":\"Intel x86-64h Haswell\",\"cpu_brand\":\"Intel(R) Core(TM) i7-1068NG7 CPU @ 2.30GHz\",\"cpu_physical_cores\":4,\"cpu_logical_cores\":8,\"hardware_vendor\":\"Apple Inc.\",\"hardware_model\":\"MacBookPro16,2\",\"hardware_version\":\"1.0\",
\"hardware_serial\":\"0DPQR4HMD1FZ\",
\"computer_name\":\"Lucas’s MacBook Pro\",\"public_ip\":\"\",
\"primary_ip\":\"192.168.0.230\",\"primary_mac\":\"68:2f:67:8e:b6:1f\",
\"distributed_interval\":1,\"config_tls_refresh\":60,\"logger_tls_period\":10,\"team_id\":null,
\"pack_stats\":null,\"team_name\":null,
\"gigs_disk_space_available\":386.23,\"percent_disk_space_available\":40,
\"issues\":{\"total_issues_count\":0,\"failing_policies_count\":0},
\"mdm\":{\"enrollment_status\":null,\"server_url\":null,\"name\":\"\",\"encryption_key_available\":false},
\"status\":\"online\",\"display_text\":\"lucass-macbook-pro.local\",\"display_name\":\"Lucas’s MacBook Pro\"},
\"rows\":[{\"build_distro\":\"10.14\",\"build_platform\":\"darwin\",
\"config_hash\":\"b7ee9363a7c686e76e99ffb122e9c5241a791e69\",\"config_valid\":\"1\",
\"extensions\":\"active\",\"host_display_name\":\"Lucas’s MacBook Pro\",
\"host_hostname\":\"lucass-macbook-pro.local\",\"instance_id\":\"cde5de81-344b-4c76-b1c5-dae964fdd4f2\",\"pid\":\"8370\",\"platform_mask\":\"21\",\"start_time\":\"1684757652\",
\"uuid\":\"BD4DFA10-E334-41D9-8136-D2163A8FE588\",
\"version\":\"5.8.2\",\"watcher\":\"8364\"}],\"error\":null}}"]
```
vs. size of the message result on this branch: 675 bytes
```
a["{\"type\":\"result\",\"data\":{\"distributed_query_execution_id\":59,
\"host\":{\"id\":106,\"hostname\":\"lucass-macbook-pro.local\",
\"display_name\":\"Lucas’s MacBook Pro\"},
\"rows\":[{\"build_distro\":\"10.14\",\"build_platform\":\"darwin\",
\"config_hash\":\"f80dee827635db39077a458243379b3ad63311fd\",
\"config_valid\":\"1\",\"extensions\":\"active\",\"host_display_name\":\"Lucas’s MacBook Pro\",
\"host_hostname\":\"lucass-macbook-pro.local\",
\"instance_id\":\"cde5de81-344b-4c76-b1c5-dae964fdd4f2\",\"pid\":\"8370\",\"platform_mask\":\"21\",
\"start_time\":\"1684757652\",\"uuid\":\"BD4DFA10-E334-41D9-8136-D2163A8FE588\",\"version\":\"5.8.2\",
\"watcher\":\"8364\"}]}}"]
```
Manual tests included running with an old fleetctl running with a new
fleet server, and vice-versa, a new fleetctl running against an old
fleet server.
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [X] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- ~[ ] Documented any permissions changes~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
- ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
Closes#11436
Changes:
- Updated the example used for adding users to a team in the Rest API
docs.
---------
Co-authored-by: Luke Heath <luke@fleetdm.com>
Changes address the feedback below:
> Disk encryption docs should say that you shouldn’t use custom settings
to enforce disk encryption (prevent user from trying to do filevault via
imazing)
I decided not to call this out in the docs because this is handled by
the product. The UI (and CLI) show this error if the user tries to use
custom settings to enforce disk encryption:
> Custom settings docs says randomly that it only works for macOS.
Should be obvious. No need to state?
I removed sentence about Fleet only supporting macOS
For #11279.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
